TIME TO READ: 6 MINUTES
Cybersecurity is, and always will be, a two-sided effort. On one side, you have network-level protections for connectivity & data. We talked about these in our last issue, providing you with an IT Security Report Card to rate your company’s security level.
On the other side, you have security ‘practices’ among your team. Daily habits that protect your network from the "human element" in cybersecurity.
This WOOF contains an IT Security Practices Scorecard with the most effective, real-world IT security practices we know. Use it to test your team's security knowledge. Share it around and help everyone. Keep cyberattacks far, far away
from your day-to-day activities!
How to Use the Scorecard
If you currently follow the security practice described, check the box. The objective? Check as many of these boxes as you're able.
Every box you don't check is a security practice you can (and should) implement. We've grouped these by topic for easier reference.
Give yourself 1 point for every box you check. Total possible points = 26.
- We require employees to change their network passwords every 6 months at a minimum. Every employee must use a complex password.
- We enable MFA (multi-factor authentication) on our cloud and office applications, whenever possible.
- Our employees must use password vault programs (instead of browsers) to store their passwords.
- We run firmware updates on our network gear (switches, firewalls, routers, Wi-Fi) quarterly, or sooner if the manufacturer announces a security risk.
- We conduct mitigation on exploits found in our quarterly network vulnerability testing.
- All remote employees must use a VPN or secured Wi-Fi hotspot when accessing the company servers.
- Our company policy on remote access forbids use of an insecure Wi-Fi connection to access the company’s network.
- We do not run unsupported software on our servers or workstations.
- We do not use pirated software.
- We do not grant administrative rights to employee workstations.
- We regularly apply all security patches and Windows updates to our company workstations.
- We implement encryption on all workstations.
- All company workstations, devices, and mobile phones have password or PIN protection.
- We have a corporate policy on device safety, and train our employees on how to travel safely with their company devices.
- We asset tag our IT hardware (which forces recording of a device’s details), helping police recover stolen items and assisting with insurance claims.
- Our employees are not allowed to use personal email for work purposes.
- Employees with BYOD (Bring Your Own Device) must use a segregated guest network. These devices are not allowed on the company's network.
- We provide cybersecurity best-practice training for our employees once a year.
- We provide our employees access only to the applications required to do their job.
- Employees cannot share accounts for workstations, online services, Office 365/Google Workspace accounts, etc.
- We terminate all separated employees' account access immediately upon their leaving the company (including Remote Desktop Services).
BUSINESS SAFETY NET
- We conduct monthly security patching and software updates to our servers.
- We test our server cloud backups for recoverability at least quarterly.
- We test our workstation cloud backups for recoverability at least quarterly.
- We test our Office 365/Google Workspace third-party backups for recoverability at least quarterly.
- We have a Cyber Insurance policy that protects us from loss due to cyberattack.
TOTAL SCORE: ___ / 26
How did you do? Is it time to make some changes?
The important thing is to start on the path. Even small changes can boost IT security overall. Contact your IT department or IT support company and discuss which of these practices would benefit your team the most right now.
Wherever you choose to start, commit to the practice. Get your team on board and figure out ways to test for compliance. Use team calendars to ensure completion. If necessary, push changes out company-wide, so the company’s IT stays safe and
everyone stays productive.
We prepared a PDF version of this checklist as well. Download it in PDF format by clicking the image below.
Security Practices Don't Take Much Time...But You Must Keep Them Up
Now you see where both halves of the cybersecurity effort come from. Half technical protection, half team habits. With both, your chances of suffering a cyberattack drop as close to zero as possible.
Did you miss our popular IT Security Report Card last month? Download it here: IT Security Report Card Download
Every PlanetMagpie customer will receive an IT Security Report Card filled out by their primary support tech, and then a call from a senior engineer to discuss shoring up their IT security.
We are happy to conduct the same review for new customers.
Want yours? Give us a call!